Enterprise Solution:


Downloadable FREE and open-source software (FOSS) — including a FIDO U2F server.


StrongKey PKI2FIDO

StrongKey PKI2FIDO is a web application written in Angular2 and Java, using REST web service calls for client-server communication.

PKI2FIDO enables users with X.509 digital certificates (optionally, on smartcards  such as the PIV card or CAC) to strongly authenticate to PKI2FIDO using TLS-ClientAuth and register a FIDO U2F key with a FIDO Server (such as the StrongKey CryptoEngine).

The TLS ClientAuth process validates the digital certificate’s chain (if any) and uses CRLs to verify the certificate’s revocation status. Once the certificate chain is validated, it checks an LDAP Directory server to determine if the user is authorized to register a FIDO U2F Key with the site.

The end result is that a site can leverage the trust in an established credential such as the PIV, CAC, or National ID smartcard with an X.509 digital certificate, and enroll the trusted user with a FIDO U2F key without having to go through a manual identification and verification process again. Once the FIDO credential is registered, it enables the site to start using the simpler, stronger authentication model built into the FIDO protocol for web applications immediately.

  • Click HERE to see an architecture diagram of how PKI2FIDO works
  • Click HERE to download StrongKey PKI2FIDO
  • Click HERE to view the Quickstart Guide

StrongKey CryptoEngine

StrongKey CryptoEngine (SKCE) 2.0 is a “crypto Swiss Army knife” server to perform cryptographic functions through web services while freeing application developers to focus on business functionality. Its modules include:

  • A FIDO Engine to support FIDO U2F key registrations/authentications
  • An encryption engine to encrypt/decrypt files using AES/TDES keys
  • Escrowing keys to an on-premises key management system (StrongKey KeyAppliance)
  • Integration to cloud storage services (AWS S3, Azure, and Eucalyptus Walrus)
  • A signing engine to digitally sign documents, code, etc., with FIPS 140-2 HSM support
  • An LDAP Engine for AD/LDAP integration for authorization decisions

SKCE is battle-tested and in production at one of the largest e-commerce companies in the world, protecting more than 50M documents within the business process; see http://bit.ly/14VPYlO for the case study.

  • Click HERE to download SKCE
  • Click HERE for step by instructions to install SKCE

StrongKey CryptoCabinet

StrongKey CryptoCabinet (SKCC) 2.0 is a FIDO-enabled (fidoalliance.org ) web application built using Regulatory Compliant Cloud Computing (RC3) architecture (http://bit.ly/rc3infoq).

It encrypts files/objects of any type and any size and stores the ciphertext either to public/private clouds  AWS, Azure, Eucalyptus or local/network drives, while keeping cryptographic keys safe and secure OUTSIDE the cloud.

CryptoCabinet leverages the StrongKey CryptoEngine (SKCE) — another FOSS on this site — to perform FIDO U2F strong authentication, encryption/decryption, digital signatures, and cloud integration. The CryptoCabinet is a powerful example showcasing StrongKey CryptoEngine’s innovative capabilities.

Until you modify the CryptoEngine configuration, the default download uses a DEMO StrongKey KeyAppliance to store cryptographic keys. As such, use this ONLY FOR DEMO purposes. Contact us for any of your live production needs.

  • Click HERE to download SKCC
  • Click HERE for step-by-step instructions to install SKCC


A graphical tool for generating RSA and ECDSA cryptographic key pairs, creating Certificate Signing Requests (CSRs) from them, and combining the key pair with an issued digital certificate to create a secure portable container (PKCS12, JKS, JCEKS, etc.).